Re: FFS: wrong superblock check ~> crash

[mlelstv%serpens.de@localhost (Michael van Elst)]

rmind%netbsd.org@localhost (Mindaugas Rasiukevicius) writes:

>> In my use case, a broken filesystem is usually a sign of an unnoticed
>> hardware or software error and the best reaction to recover is to
>> panic (and throw the data away, the machines have only temporary
>> data). Continuing with a read-only filesystem doesn't do any good,
>> because you have no means to find out wether the data you can read
>> is complete or correct.

>Why not?  It seems to be a question of how do you communicate the errors
>back to the applications or administrator.  There are applications which
>gracefully handle EIOs exactly for this purpose.  The fact that they are
>very rare does not mean they do not exist. :)

See, that's what "in my use case" means.


>> Most clustered systems also handle complete outages better than
>> a degraded mode. That's why you have things like STONITH.

>It really depends on the application or service; you often have to take
>design considerations for both though.

That was the point, there is no definitive solution. You, as an
administrator, need to choose.